sast-xss
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8). It ingests untrusted data from the analyzed codebase and
sast/architecture.mdand interpolates this content into instructions for subagents without the use of boundary markers or explicit safety warnings. This could allow an attacker to embed instructions in source code comments that mislead the agent, such as instructing it to skip certain files or report no findings. \n - Ingestion points: Project source code and
sast/architecture.mdare read and passed to subagents as context. \n - Boundary markers: Absent. The instructions do not define clear delimiters or "ignore embedded instructions" warnings when passing external data to subagents. \n
- Capability inventory: The skill performs file reads on the codebase and writes results into the
sast/directory. \n - Sanitization: Absent. No escaping or filtering of external content is specified before interpolation into agent prompts.
Audit Metadata